The Photon operating system must protect audit tools from unauthorized modification and deletion.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256523 | SRG-OS-000257-GPOS-00098 | PHTN-30-000048 | SV-256523r991558_rule | 2024-12-16 | 1 |
Description
Protecting audit information includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information.
Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
ℹ️ Check
At the command line, run the following command:
# stat -c "%n is owned by %U and group owned by %G and permissions are %a" /usr/sbin/auditctl /usr/sbin/auditd /usr/sbin/aureport /usr/sbin/ausearch /usr/sbin/autrace
If any file is not owned by root or group-owned by root or permissions are more permissive than "750", this is a finding.
✔️ Fix
At the command line, run the following command for each file returned for user and group ownership:
# chown root:root <file>
At the command line, run the following command for each file returned for file permissions:
# chmod 750 <file>